Interface OperatorPrivileges.OperatorPrivilegesService

All Known Implementing Classes:
OperatorPrivileges.DefaultOperatorPrivilegesService
Enclosing class:
OperatorPrivileges

public static interface OperatorPrivileges.OperatorPrivilegesService
  • Method Details

    • maybeMarkOperatorUser

      void maybeMarkOperatorUser(Authentication authentication, ThreadContext threadContext)
      Set a ThreadContext Header AuthenticationField.PRIVILEGE_CATEGORY_KEY if authentication is an operator user.
    • check

      ElasticsearchSecurityException check(Authentication authentication, String action, TransportRequest request, ThreadContext threadContext)
      Check whether the user is an operator and whether the request is an operator-only.
      Returns:
      An exception if user is an non-operator and the request is operator-only. Otherwise returns null.
    • checkRest

      boolean checkRest(RestHandler restHandler, RestRequest restRequest, RestChannel restChannel, ThreadContext threadContext)
      Checks to see if a given RestHandler is subject to operator-only restrictions for the REST API. Any REST API may be fully or partially restricted. A fully restricted REST API mandates that the implementation results in restChannel.sendResponse(...) and return a false to prevent any further processing. A partially restricted REST API mandates that the RestRequest is marked as restricted and return true. No restrictions should also return true.
      Parameters:
      restHandler - The RestHandler to check for any restrictions
      restRequest - The RestRequest to check for any restrictions and mark any partially restricted REST API's
      restChannel - The RestChannel to enforce fully restricted REST API's
      Returns:
      true if processing the request should continue, false if processing the request should halt due to a fully restricted REST API
    • maybeInterceptRequest

      void maybeInterceptRequest(ThreadContext threadContext, TransportRequest request)
      When operator privileges are enabled, certain requests needs to be configured in a specific way so that they respect operator only settings. For an example, the restore snapshot request should not restore operator only states from the snapshot. This method is where that requests are configured when necessary.